Saturday, January 10, 2015

Cisco CCNP - 300-101 - Understanding Routing

So it's that time again for me to renew my Cisco Certifications. As a result, this post is based on my preparation for the CCNP Route Exam (300-101).

In this post I will be focusing on understanding (refreshing my memory) - Some Definitions

Poison Reverse - Used to advertise a route as unreachable in distance vector protocols. Since RIP uses a maximum hop count of 15, it can poison a route by advertising it with a hop count of 16. This makes other routers consider the route unreachable. When Poison Reverse is used, a route learned via a specific interface is advertised back on that interface with an infinite metric.

Summarization - This is also called route aggregation and is used to reduce the number of entries in routing tables. Multiple routes are made into a single entry and then placed in the routing table. This is done to save on bandwidth, reduce CPU cycles, etc.
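A worked summarization, added here as an example and not part of the original post: it computes the single summary prefix for a set of routes and, going one step beyond the definition, lists any address space the summary covers that no component route backs. The sample prefixes and function names are constructed for illustration.

```python
import ipaddress

def summary_route(prefixes):
    """Return the smallest single prefix that covers every given network."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits in which the lowest and highest address differ become host bits.
    host_bits = (lo ^ hi).bit_length()
    plen = nets[0].max_prefixlen - host_bits
    base = (lo >> host_bits) << host_bits
    return type(nets[0])((base, plen))

def uncovered_space(summary, prefixes):
    """Return the blocks inside the summary that no component route covers."""
    remaining = [summary]
    for net in (ipaddress.ip_network(p) for p in prefixes):
        kept = []
        for block in remaining:
            if net.subnet_of(block):
                # Carve the component route out of this block.
                kept.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                kept.append(block)
        remaining = kept
    return sorted(remaining)

if __name__ == "__main__":
    # Constructed sample: three contiguous /24 routes (assumed, same address family).
    routes = ["172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24"]
    summary = summary_route(routes)
    print("summary:", summary)
    print("advertised but not backed by a route:", uncovered_space(summary, routes))
```

Traffic for an uncovered block is attracted to the summarizing router even though it has no specific route for it, which is worth checking before a summary is advertised.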

Split Horizon - Used to prevent routes learned on a specific interface from being advertised back out on that interface
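The Poison Reverse and Split Horizon definitions above, modelled as an added example that is not part of the original post: one router builds its update for an interface under each rule, and the neighbour that just lost the route processes it. Router names, interface names and prefixes are constructed; the receiver adds one hop and caps at 16, following RFC 2453 input processing.

```python
RIP_INFINITY = 16  # hop count 16 means unreachable, as stated in the post

def build_update(table, out_iface, mode):
    """Build the advertisement sent out of out_iface.
    mode is 'none', 'split_horizon' or 'poison_reverse'."""
    update = {}
    for prefix, (metric, learned_on) in table.items():
        if learned_on == out_iface:
            if mode == "split_horizon":
                continue                  # never advertise it back
            if mode == "poison_reverse":
                metric = RIP_INFINITY     # advertise it back as unreachable
        update[prefix] = metric
    return update

def receive_update(table, update, in_iface):
    """Apply an update heard on in_iface and return the new table."""
    new = dict(table)
    for prefix, advertised in update.items():
        metric = min(advertised + 1, RIP_INFINITY)
        current = new.get(prefix)
        if current is None:
            if metric < RIP_INFINITY:
                new[prefix] = (metric, in_iface)
        elif current[1] == in_iface or metric < current[0]:
            new[prefix] = (metric, in_iface)
    return new

def after_link_failure(mode):
    """Constructed scenario: R2 has just lost 10.9.0.0/24, which R1 learned from R2."""
    r1 = {"10.9.0.0/24": (1, "to_R2"), "10.1.0.0/24": (2, "to_R3")}
    r2 = {"10.9.0.0/24": (RIP_INFINITY, "local")}
    update = build_update(r1, "to_R2", mode)
    return update, receive_update(r2, update, "to_R1")

if __name__ == "__main__":
    for mode in ("none", "split_horizon", "poison_reverse"):
        update, r2 = after_link_failure(mode)
        print(mode, "| R1 sends:", update, "| R2 now has:", r2)
```

With neither rule, R2 installs the dead network at 2 hops via R1 and the two routers point at each other; with either rule, R2 keeps the route at 16.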

Convergence - Relates to the time it takes for a router to update its routing table by adding and/or removing routes to represent the new state and/or topology of the infrastructure.

Types Of Routing Protocols

Distance Vector
- RIP (v1, v2 and ng) - Uses hop count to calculate metric
- EIGRP - By default uses bandwidth and delay to calculate metric. Can also use reliability, load and MTU
  - Uses the Diffusing Update Algorithm (DUAL)
  - A K-value change on one router must be updated on all neighbours

Link State - Uses Dijkstra's Shortest Path First Algorithm
- OSPF - Uses cost for its metric. Cost is based on the speed of the link between two routers
  - Priority 0 prevents routers from participating in the Designated Router (DR) election process.
- IS-IS

Path Vector - Includes information about the exact path a packet should take to reach a destination network.
- BGP - Used to connect multiple autonomous systems. The routing protocol that runs the Internet.
  - Sets up a TCP session between peers
  - Uses unicast for route advertisement.

Route redistribution - Allows a router to have its various interfaces participate in different routing protocols. Routes learned from one routing protocol can be injected into another routing protocol.

Hop Count - This is the number of routers which must be crossed to get to a destination network

Autonomous System - "A set of routers under a single technical administration, using an interior gateway protocol (IGP)"

Interior Gateway Protocols (IGP) - Used for routing traffic within a single autonomous system or by routing devices typically owned by one organization. Examples are RIP, OSPF, EIGRP, IS-IS, iBGP

Exterior Gateway Protocols (EGP) - Used for routing traffic between different autonomous systems. The most used EGP is Border Gateway Protocol

Types Of Network Communication
- Unicast - Used for one-to-one communication. In IPv6 global unicast begins with 2000::/3
- Multicast - Used for one-to-many communication. IPv6 multicast uses ff00::/8
- Broadcast - Used for one-to-all communication. Used in IPv4 but not in IPv6 networks
- Anycast - A single IPv6 address applied to multiple devices. In this case communication is one-to-nearest. Not used in IPv4 networks
- Point-to-Point - A single link connecting two devices. Typically found on serial links
- Non Broadcast Multiple Access (NBMA) - Does not support broadcast. Individual messages must be sent to each router. Because there is no support for broadcast or multicast, problems can occur with dynamic routing protocols. Hence neighboring IP addresses must be statically configured.

TCP Maximum Segment Size (MSS) - This is an option that is used only at the time a connection is established to indicate the maximum number of octets which the receiver can accept per segment. The value specified does not include any headers (Ethernet, IP, TCP, etc)

Virtual Private Networks (VPN) - Used to connect one or more private networks across the public Internet. Typically VPNs are used either for Remote Access or for Site-To-Site connectivity.

ARP
- Uses broadcast in IPv4. However, broadcast is not supported in IPv6 so exchanges are done via Neighbor Discovery.
- Not required for Serial Interfaces because these interfaces do not have MAC addresses

First Hop Redundancy Protocols (FHRP), eg. HSRP, VRRP, GLBP

Asymmetric Routing - Traffic leaving the network goes through one device or interface while traffic returning to the network uses a different device or interface.
- Cisco recommends not to span a VLAN across more than one access layer switch to avoid asymmetric routing
- If needed, set the aging timer of the Content Addressable Memory (CAM) table to match (or be less than) that of the FHRP device

Maximum Transmission Unit (MTU) - This relates to the largest packet size supported on an interface and is typically 1500 bytes

Latency - The time required for a packet to travel from its source to its destination - is a factor of the bandwidth-delay product

TCP Window Field - The number of bytes a sender is willing to transmit before an acknowledgement is received

Sliding Window - The window size begins with one segment. Once an acknowledgement is received, the window size increases by 2. If an acknowledgement is received, the window size then increases by 4, and so on until there is no acknowledgement within a certain time period (the round-trip time, RTT) or until a maximum configured window size is reached
